Back to LinkedIn posts

LinkedIn post 149

Some versions of DuckDB NPM packages were compromised with malware.

Some versions of DuckDB NPM packages were compromised with malware.

One of the maintainers was tricked by a phishing email and clicked a malicious link that mimicked the actual website, but also created an API key that allowed the attacker to publish malicious versions of the packages.

We need to be extra careful when clicking on links in emails, first checking the email's precedence.

https://lnkd.in/gsy8n_AP